Lucene search
+L

22 matches found

snyk
snyk
added 2026/07/09 4:31 p.m.4 views

User Impersonation

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to User Impersonation via the token-exchange identity-resolution service in packages/cli/src/modules/token-exchange/services/identity-resolution.service.ts. An attacker can authenticate as another user...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References2
osv
osv
added 2026/07/09 3:27 p.m.3 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS6.1AI score0.00143EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/09 3:27 p.m.33 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS0.00143EPSS
Exploits0References3
cve
cve
added 2026/07/09 3:27 p.m.19 views

CVE-2026-59208

CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/07/08 11:16 p.m.9 views

CVE-2026-54778

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...

6.2CVSS0.001EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/08 10:11 p.m.33 views

CVE-2026-54778 CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...

6.2CVSS0.001EPSS
Exploits0References6
cve
cve
added 2026/07/08 10:11 p.m.15 views

CVE-2026-54778

CVE-2026-54778 : CoreWCF UnixDomainSocket suffers a race in POSIX peer identity resolution due to non-reentrant getpwuid/getgrgid calls, allowing identity misattribution or host process crash under contention. Affected versions are prior to 1.8.1 and 1.9.1; fixed in 1.8.1 and 1.9.1. Impact is lim...

6.2CVSS6AI score0.001EPSS
Exploits0References6
github
github
added 2026/06/19 8:46 p.m.10 views

CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution

Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another getpwuid/getgrgid non-reentrant and may crash the host process under contention. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Restrict UDS filesystem permissions so that only trust...

6.2CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/06/19 8:46 p.m.7 views

Expired Pointer Dereference

Overview CoreWCF.UnixDomainSocket is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Expired Pointer Dereference in...

6.2CVSS6AI score0.001EPSS
Exploits0References3
osv
osv
added 2026/06/19 8:46 p.m.6 views

GHSA-Q6V9-43V5-JV9Q CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution

Impact Race condition in POSIX peer identity resolution may attribute one connection’s identity to another getpwuid/getgrgid non-reentrant and may crash the host process under contention. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Restrict UDS filesystem permissions so that only trust...

6.2CVSS5.8AI score0.001EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/19 12:0 a.m.17 views

PT-2026-51075

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description CoreWCF UnixDomainSocket POSIX peer identity resolution utilizes non-reentrant getpwuid and getgrgid calls. This creates a race condition where concurrent connections...

6.2CVSS6AI score0.001EPSS
Exploits0References12
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.10 views

CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References1
nessus
nessus
added 2026/05/30 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-4868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References2
osv
osv
added 2026/05/28 9:12 a.m.12 views

BIT-GITLAB-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References4
nvd
nvd
added 2026/05/27 7:16 p.m.17 views

CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS0.00341EPSS
Exploits0References3
osv
osv
added 2026/05/27 7:16 p.m.6 views

UBUNTU-CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/27 5:55 p.m.12 views

CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2026/05/27 5:55 p.m.21 views

EUVD-2026-32620

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References3
cve
cve
added 2026/05/27 5:55 p.m.60 views

CVE-2026-4868

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. Under certain conditions, an authenticated user could have caused specific Duo AI workflows to run under another user’s identity due to improper user identity...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.12 views

PT-2026-44068

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.8 through 18.10.6 GitLab EE versions 18.11 through 18.11.3 GitLab EE versions 19.0 through 19.0.0 Description An issue exists where improper user identity resolution when triggering Duo AI workflow runners could allow an...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References10
Rows per page
Query Builder